* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Download Arthur-Merlin and Black-Box Groups in Quantum
Wave–particle duality wikipedia , lookup
Renormalization group wikipedia , lookup
Topological quantum field theory wikipedia , lookup
Relativistic quantum mechanics wikipedia , lookup
Basil Hiley wikipedia , lookup
Renormalization wikipedia , lookup
Bell test experiments wikipedia , lookup
Theoretical and experimental justification for the Schrödinger equation wikipedia , lookup
Scalar field theory wikipedia , lookup
Bohr–Einstein debates wikipedia , lookup
Double-slit experiment wikipedia , lookup
Delayed choice quantum eraser wikipedia , lookup
Particle in a box wikipedia , lookup
Measurement in quantum mechanics wikipedia , lookup
Path integral formulation wikipedia , lookup
Quantum field theory wikipedia , lookup
Quantum decoherence wikipedia , lookup
Copenhagen interpretation wikipedia , lookup
Density matrix wikipedia , lookup
Hydrogen atom wikipedia , lookup
Coherent states wikipedia , lookup
Quantum dot wikipedia , lookup
Quantum entanglement wikipedia , lookup
Bell's theorem wikipedia , lookup
Quantum electrodynamics wikipedia , lookup
Probability amplitude wikipedia , lookup
Quantum fiction wikipedia , lookup
Many-worlds interpretation wikipedia , lookup
Orchestrated objective reduction wikipedia , lookup
Symmetry in quantum mechanics wikipedia , lookup
History of quantum field theory wikipedia , lookup
EPR paradox wikipedia , lookup
Interpretations of quantum mechanics wikipedia , lookup
Quantum computing wikipedia , lookup
Quantum machine learning wikipedia , lookup
Canonical quantization wikipedia , lookup
Quantum cognition wikipedia , lookup
Quantum state wikipedia , lookup
Hidden variable theory wikipedia , lookup
Quantum teleportation wikipedia , lookup
Arthur, Merlin, and Black-Box Groups in Quantum Computing Or, How Laci Did Quantum Stuff Without Knowing It Scott Aaronson (MIT) I’ll tell the story of a few of Laci’s brainchildren from the 80s—MA, AM, black-box groups—and how they came to play a major role in quantum computing theory What should you conclude from this? (1) Laci works on the trendiest areas before they even exist (2) Quantum computing can’t be that scary (3) Beautiful mathematical structures (like finite groups) do useful things in TCS (like giving natural examples where quantum computing seems to outperform classical) 2 / 17 Dramatis Personae: Merlin & Arthur Input x{0,1}n Is xL? Witness w{0,1}p(n) All-knowing prover Polynomial-time verifier Babai’s probabilistic generalizations of NP: MA (Merlin-Arthur): Class of languages L for which, if the answer is “yes,” there’s a polynomial-size proof that Arthur can check in probabilistic polynomial-time AM (Arthur-Merlin): Same, except that now Arthur can also submit a random challenge to Merlin 3 / 17 [Klivans-van Melkebeek ‘99] Under plausible complexity assumptions, AM=MA=NP But in the black-box setting, these classes can be extremely different! Example: Suppose Merlin wants to convince Arthur that is one-to-one rather than two-to-one In NP or MA, he can’t! But in AM, Arthur can pick a random input x{0,1}n, then compute f(x), send it to Merlin and ask what x was 4 / 17 Quantum Mechanics In One Slide State of n “qubits” is a unit vector in : (you get used to the asymmetric brackets with time) 2n orthogonal basis vectors: |0…0, …, |1…1 Usual initial state: |0…0 You can multiply the vector of x’s (amplitudes) by a 2n2n unitary matrix U (matrix that maps unit vectors to unit vectors) If you measure the state |, you see outcome |x with probability |x|2. Also, the state collapses to |x Central phenomenon that QC exploits: interference between positive and negative amplitudes 5 / 17 Quantum Analogues of NP QMA (Quantum Merlin-Arthur): Class of problems for which, if the answer is “yes,” there’s a quantum proof | with poly(n) qubits, which can be checked by a polynomial-time quantum verifier QCMA (Quantum Classical Merlin-Arthur): Same as QMA, except now the proof needs to be classical FUNDAMENTAL QUESTION Does QMA = QCMA? Intuitively: Can a quantum proof be exponentially more compact than its shortest classical counterpart? 6 / 17 Bestiary PH P#P QAM AM QMA NP P MA BPP QCMA BQP 7 / 17 Black-Box Groups Unknown finite group G, of order 2poly(n) Input: MeaninglessFrom now on, we’ll abuse Output: Labels of notation and identify an strings that label -1 gh or g element gG with its label elements of G We’re given: Generators g1,…,gk of G; ability to recognize the identity element e Quantum analogue: Important point: In the quantum case, every element of G must have a unique label! 8 / 17 The Group Membership Problem Given: Black-box group G, subgroup HG (specified by generators), element xG Problem: Is xH? x G H Membership in H can be proved in NP [Babai-Szemerédi’84] But what about proving non-membership in H? Fact: For some groups G (even abelian groups), there’s no small NP proof (or even MA proof) for non-membership (Non-membership can always be proved in AM, using protocols for approximate counting) 9 / 17 There is always a QMA witness of non-membership! [Watrous 2000] Merlin’s “quantum proof” for xH (in the honest case): (equal superposition over elements of H) Note: |H might be exponentially hard to prepare! Sampling a random element of H isn’t enough Given this proof, Arthur prepares where |Hx is an equal superposition over the elements of the right coset Hx Then he applies the Hadamard transform to the first qubit and measures that qubit 10 / 17 First suppose xH. Then |H=|Hx HADAMARD so |0 is observed with probability 1 Next suppose xH. Then |H and |Hx are orthogonal HADAMARD so |0 and |1 are equally likely to be observed Ah, but how does Arthur check that Merlin’s witness | is really |H, and not some other state? Step 1: Use a random walk [Babai’91] to generate nearly-random elements gG and hH Step 2: Check that | behaves like |H on all gG and 11 / 17 hH that are tested So, can Group Non-Membership be used to prove an oracle separation between QMA and QCMA? Alas, no. Theorem [A.-Kuperberg 2007]: Group Non-Membership has polynomial-size classical proofs, which can be verified using poly(n) quantum queries to the group oracle (and possibly exponential post-computation—though even that can be removed under plausible grouptheoretic conjectures) 12 / 17 Idea of proof: “Pull the group out of the black box” Isomorphism f claimed by Merlin Explicit group Black-box group G To check that f is (close to) a homomorphism, Arthur uses a classical homomorphism tester of [Blum-Luby-Rubinfeld] Assuming f is a homomorphism, f is 1-to-1 Ker f is trivial This yields an instance of the Hidden Subgroup Problem! [Ettinger-Høyer-Knill ‘97] show that for any group G, HSP is solvable with poly(n) quantum queries to the group oracle 13 / 17 Communication Complexity Challenge Group theorists in the audience: please pay attention G Finite group known to both players Subgroup HG 1-WAY message mH Is xH? Element xG Best deterministic protocol: Alice sends Bob log2|G| bits (the generators of H) Best quantum protocol: Alice sends Bob log|G| qubits, Then Bob runs the Watrous protocol to decide if xH 14 / 17 $50 Challenge: Does there exist a family of groups {Gn}, for which any classical randomized protocol needs (log|Gn|) bits? (Ideally (log2|Gn|)?) Would yield the first asymptotic gap between 1-way randomized and 1-way quantum communication complexities, for a total Boolean function [A., Le Gall, Russell, Tani 2009]: If G is abelian—or if G has constant-dimensional irreps, or if is a normal subgroup—then there’s a classical randomized protocol that uses only O(log|G|) communication 15 / 17 Conclusion: Why Do Quantum Computing and Finite Groups Mesh So Well? Finite groups are “rigid” objects Any two right-cosets of HG are either identical or disjoint Any two distinct subgroups differ on a constant fraction of elements And we want that “rigidity” in quantum algorithms and protocols, to create interesting interference patterns Also, the fact that elements have unique inverses means that we can apply group operations reversibly Still, understanding the interplay of quantum computing with (badly) nonabelian groups remains a challenge Most famous example of that, which I only touched on: the Nonabelian Hidden Subgroup Problem 16 / 17 More Open Problems Is there a QMA protocol to prove that a black-box function f:{0,1}n{0,1}n is one-to-one rather than two-to-one? In 2002, I showed this problem is not in BQP; indeed any quantum algorithm needs (2n/3) time [A.-Shi 2002] It’s still open to prove an oracle separation between QMA and QCMA! [A.-Kuperberg 2007] proved a “quantum oracle separation” Can we give an oracle relative to which BQPAM? [A. 2010]: The “Generalized Linial-Nisan Conjecture” would imply an oracle relative to which BQPPH Original Linial-Nisan Conjecture: Proved by [Braverman 2009] Laci actually thought of it before Linial-Nisan 17 / 17